1. Library
  2. Tools and Commands
  3. Http Testing

Postman

Updated 10 hours ago

Every API call is a question. You're asking a server: give me this data, create this resource, delete this thing. The server answers with status codes, headers, and bodies.

Postman lets you ask questions and see answers before writing a single line of code.

That's its purpose. Not "API testing platform" or "collaboration tool"—though it's both. Postman exists because understanding an API by reading documentation is like learning to swim by reading about water. You need to make requests, see responses, and develop intuition for how the conversation works.

The Core Loop

Every interaction in Postman follows the same pattern:

  1. Build a request (method, URL, headers, body)
  2. Send it
  3. See what comes back
  4. Adjust and repeat

This feedback loop is where understanding develops. You try GET /users and see what the response looks like. You try POST /users with a body and see what's required. You send a malformed request and see how the API complains.

Curl can do this too. But Postman shows you everything at once—the request you're building, the response you received, the headers both ways, the timing. You're not constructing strings and parsing output. You're having a conversation.

Building Requests

A request has components:

Method and URL: The verb and the noun. GET https://api.github.com/users/octocat asks for a specific user.

Headers: Metadata about the request. Authentication tokens, content types, custom application headers. Postman shows these as key-value pairs you can toggle on and off.

Query Parameters: The ?search=test&limit=10 part. Postman builds this automatically from a table of key-value pairs—no manual string concatenation.

Body: For POST, PUT, PATCH—the data you're sending. JSON, form data, raw text, file uploads. Postman validates JSON as you type and pretty-prints it.

Authentication: Rather than manually constructing Authorization: Bearer xyz headers, Postman has built-in handlers for Basic Auth, OAuth, API keys, AWS signatures. You fill in credentials; it builds the headers.

Click Send. The response appears: status code, timing, headers, body. If it's JSON, Postman formats it. If it's an image, it displays it. If it's an error, you see exactly what went wrong.

Collections: Organizing the Conversation

A single request teaches you one thing. But APIs have dozens of endpoints, and you need to remember what you learned.

Collections group related requests:

User API
├── Authentication
│   ├── Login
│   └── Logout
├── Users
│   ├── List Users
│   ├── Get User
│   ├── Create User
│   └── Delete User

This is documentation you can execute. Each request preserves not just the URL but the headers, body, and test assertions you've built. When you return in three months wondering "how did I authenticate to this API?", the answer is in your collection.

Collections also share. Export as JSON, commit to your repo, import on another machine. Or share through Postman's cloud with your team.

Environments: Same Requests, Different Targets

Most APIs have multiple environments: development, staging, production. The requests are identical except for the base URL and credentials.

Environments store variables:

Development:
  base_url: https://api-dev.example.com
  api_key: dev_key_123

Production:
  base_url: https://api.example.com
  api_key: prod_key_456

Your requests use {{base_url}}/users with X-API-Key: {{api_key}}. Switch environments with a dropdown. Every request updates.

This prevents the mistake of testing against production when you meant development—or worse, deleting production data while debugging.

Tests: Codifying Expectations

Once you understand how an API should behave, encode that understanding as tests:

pm.test("Status is 200", function () {
    pm.response.to.have.status(200);
});

pm.test("Response has user data", function () {
    const data = pm.response.json();
    pm.expect(data).to.have.property('name');
    pm.expect(data).to.have.property('email');
});

pm.test("Response time acceptable", function () {
    pm.expect(pm.response.responseTime).to.be.below(500);
});

These run automatically after each request. Green checkmarks mean the API behaves as expected. Red failures mean something changed.

You can also extract values from responses—save a user ID to use in subsequent requests, chain a login token through an entire workflow.

The Console: Seeing What Actually Happened

When something doesn't work, the console shows the raw truth. Open it from View → Show Postman Console.

You see exactly what Postman sent—the full URL after variable substitution, every header, the complete body. And exactly what came back. No abstraction, no interpretation. The actual HTTP conversation.

This is where debugging happens. The visual interface is for building; the console is for understanding what went wrong.

Running Collections

The Collection Runner executes all requests in sequence:

  1. Select a collection
  2. Choose an environment
  3. Set iterations (repeat the whole suite N times)
  4. Run

Postman reports pass/fail for every test in every request. This is regression testing—verify that the API still works the way your collection says it should.

For CI/CD, Newman runs collections from the command line:

newman run collection.json -e environment.json

Develop in the GUI, test in the pipeline.

Mock Servers

Sometimes the API doesn't exist yet. Frontend teams need to build against something while backend teams implement the real thing.

Postman creates mock servers from collections. Define the requests and example responses you expect. Postman gives you a URL that returns those examples. Frontend builds against the mock; backend implements the real API; both use the same contract.

When the real API is ready, change the environment variable. The requests don't change—only their target.

Documentation

Collections generate documentation automatically. Postman publishes interactive docs where readers can see requests, parameters, and example responses—and even try them directly.

The documentation stays current because it's generated from the same collection you're using to test.

Code Generation

Once you've built a working request, Postman generates code in dozens of languages. Click the code icon, select Python or JavaScript or Go, and copy the result into your application.

This bridges the gap between exploration and implementation. Understand the API in Postman's visual environment, then generate the code to use it.

When to Use Postman vs. Command-Line Tools

Use Postman when:

  • Learning a new API
  • Building and testing request sequences
  • Collaborating with a team
  • Debugging complex authentication
  • Documenting APIs
  • Running test suites

Use curl/HTTPie when:

  • Writing scripts
  • Quick one-off requests
  • CI/CD pipelines
  • Environments where Postman isn't installed

They complement each other. Postman generates curl commands; curl commands import into Postman.

Getting Started

Download from https://www.postman.com for Windows, macOS, or Linux. The free tier includes everything discussed here. Create an account to sync across devices.

Then pick an API—any API—and start asking questions. GitHub's API is public and well-documented. Try GET https://api.github.com/users/octocat. See the response. Modify the request. Build intuition.

That's how you learn to speak the language.

Frequently Asked Questions About Postman

Was this page helpful?

😔
🤨
😃